commit 65d4f44c1fd999d9cf9c4ef4dc65deb71bafcd8e
author Robert Craig <rpcraig@tycho.ncsc.mil> Wed Mar 27 06:30:25 2013 -0400
committer Robert Craig <rpcraig@tycho.ncsc.mil> Wed Mar 27 06:30:25 2013 -0400
tree d0de54a59707399c0310aa7a43310167ff0c2d02
parent bf539bf363c0361e3bac8ffd5e15c7ec8c514fdb

Various policy updates.

Assortment of policy changes include:
 * Bluetooth domain to talk to init and procfs.
 * New device node domains.
 * Allow zygote to talk to its executable.
 * Update system domain access to new device node domains.
 * Create a post-process sepolicy with dontaudits removed.
 * Allow rild to use the tty device.

Change-Id: Ibb96b590d0035b8f6d1606cd5e4393c174d10ffb
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

Android.mk

diff --git a/Android.mk b/Android.mk
index 2a6751e..47b17a9 100644
--- a/Android.mk
+++ b/Android.mk
@@ -77,10 +77,12 @@
 $(sepolicy_policy.conf) : $(call build_policy, security_classes initial_sids access_vectors global_macros mls_macros mls policy_capabilities te_macros attributes *.te roles users initial_sid_contexts fs_use genfs_contexts port_contexts)
 	@mkdir -p $(dir $@)
 	$(hide) m4 -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) -s $^ > $@
+	$(hide) sed '/dontaudit/d' $@ > $@.dontaudit
 
 $(LOCAL_BUILT_MODULE) : $(sepolicy_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy
 	@mkdir -p $(dir $@)
 	$(hide) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c $(POLICYVERS) -o $@ $<
+	$(hide) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c $(POLICYVERS) -o $(dir $<)/$(notdir $@).dontaudit $<.dontaudit
 
 built_sepolicy := $(LOCAL_BUILT_MODULE)
 sepolicy_policy.conf :=